Enterprise OAuth 2.0 - Enterprise and Social Media Application Landscape

Security Basics - Providers
  • Identity
    • Where are the user credentials stored?
  • Authentication
    • Who does this? The Identity Provider (IDP)
    • How does it happen?
  • Authorization
    • The application does this
    • Uses information (claims, groups) supplied by the IDP
Security Basics - Homegrown
  • Identity
    • Stored in the application database
  • Authentication
    • Done by the application
  • Authorization
    • Done by the application
  • Not recommended: every application ends up storing and checking passwords on its own
Security Basics - LDAP
  • Identity
    • Stored in the LDAP directory
    • Microsoft Active Directory
  • Authentication
    • Done by LDAP (AD)
  • Authorization
    • Done by the application
  • LDAP and the application sit in the same data center (the application binds to the directory directly)

Security Basics - SAML (Security Assertion Markup Language)
  • Communicating across data centers (uses HTTP redirects through the user's browser)
  • Identity
    • Stored in the LDAP directory
    • Microsoft Active Directory
  • Authentication
    • The SAML Identity Provider does the authentication
    • ADFS
  • Authorization
    • The application controls it
    • Can use LDAP groups (delivered as claims in the token)
  • SAML Metadata File
    • Exchanged between the two sides to establish trust (entity IDs, endpoints, signing certificates)
  • Trust between
    • SAML Identity Provider
    • SAML Service Provider
  • SAML Response
    • Contains the SAML Token (the assertion)
    • The token contains claims
  • Federated User
  • Single Sign On
  • Redirect importance
    • The browser redirect is what lets the Service Provider and Identity Provider talk without a direct network connection between data centers

Security Basics - SSO
  • Avoid re-entering user credentials (use SSO)
  • The network user has already logged in to AD (Windows domain logon)
  • Single Sign On (SSO)
    • Enterprise SSO
Problem Use Cases
  • Microservices
  • Cloud Apps
    • How do REST calls across network boundaries get secured?
  • Machine to Machine
    • Scheduled tasks and daemons sometimes need to call REST APIs. How are they secured?
    • No user involved

Social Media Platform
  • Social Media Sites
    • Facebook
    • LinkedIn
    • Google
    • Twitter
    • GitHub
    • Yahoo
  • A user usually has multiple identities
    • Many Identity Providers
  • What if a third-party application wants to access or publish to these sites on behalf of its user?
    • Handing over the user's password would be a bad idea: the third party gets full account access and has to store the password.
